Enhanced method and system for assuring integrity of deduplicated data

ABSTRACT

The present invention provides for an enhanced method and system for assuring integrity of deduplicated data objects stored within a storage system. A digital signature of the data object is generated to determine if the data object reassembled from a deduplicated state is identical to its pre-deduplication state. In one embodiment, generating the object signature of a data object before deduplication comprises generating an object signature from intermediate hash values computed from a hash function operating on each data chunk within the data object, the hash function also used to determine duplicate data chunks. In an alternative embodiment, generating the object signature of a data object before deduplication comprises generating an object signature on a portion of each data chunk of the data object.

FIELD OF THE INVENTION

The present invention generally relates to data storage and retrieval operations within a data storage system. The present invention specifically relates to the operation of an enhanced method and system of assuring integrity of deduplicated data on a storage-management system that provides a repository for computer information that is backed up, archived, or migrated from client nodes in a computer network.

BACKGROUND OF THE INVENTION

Data storage solutions can be enhanced by introducing a form of compression known as “deduplication”. Deduplication generally refers to the elimination of redundant subfiles from data objects, these subfiles generally referred to as blocks, chunks, or extents. The deduplication process is usually applied to a large collection of files in a shared data store, and its successful operation greatly reduces the redundant storage of common data.

In a typical configuration, a disk-based storage system such as a storage-management server or virtual tape library has the capability to perform deduplication by detecting redundant data chunks within its data objects and preventing the redundant storage of such chunks. For example, the deduplicating storage system could divide file A into chunks a-h, detect that chunks b and e are redundant, and store the redundant chunks only once. The redundancy could occur within file A or with other files stored in the storage system. Deduplication can be performed as objects are ingested by the storage manager (in-band) or after ingestion (out-of-band).

Known techniques exist for deduplicating data objects. Typically, the object is divided into chunks using a method such as Rabin fingerprinting. Redundant chunks are detected using a hash function such as MD5 or SHA-1 to produce a hash value for each chunk, and this hash value is compared against values for chunks already stored on the system. The hash values for stored chunks are typically maintained in an index. If a redundant chunk is identified, that chunk can be replaced with a pointer to the matching chunk.

Advantages of data deduplication include requiring reduced storage capacity for a given amount of data; providing the ability to store significantly more data on a given amount of disk; and improving the ability to meet recovery time objective (RTO) when restoring from disk rather than tape.

Although deduplication offers these potential benefits, it also introduces new risks of data loss for any of several reasons. The first risk is false matches. It is possible that two different chunks could hash to the same value (called a collision), causing the system to deduplicate an object by referencing a chunk that does not match. Depending on the hash function used, the probability of such a collision may be extremely low but is still finite. Avoidance techniques include combining multiple hashes against the same chunk, comparing other information about chunks, or performing a byte-by-byte comparison. However, these techniques may involve additional, time-consuming processing for assessing every chunk or byte.

Additionally, deduplication increases the potential impact of media failure. If one chunk is referenced by multiple data objects, loss of that one chunk due to media error or failure could result in data loss for many objects. Similarly, a higher risk for logic errors also exists because deduplication adds significant complexity to a storage system, thus creating the potential for data loss due to a programming error.

A solution is needed to achieve the benefits of deduplication while also providing protection against data loss from mechanisms such as those described above.

BRIEF SUMMARY OF THE INVENTION

The present invention provides a new and unique enhanced method and system for assuring integrity of deduplicated data within storage management applications. Prior to or during deduplication of data objects, a signature of the entire object is generated and stored for each object. In one embodiment of the present invention, this signature is a checksum generated as the result of a hash function. Because the checksum is generated before the object is deduplicated, each checksum represents a digital signature of the entire object. This signature of the entire object is then stored in an index or database for later retrieval and verification.

In one embodiment of the present invention, as data objects are being deduplicated and a hash function is operating on each data chunk of the data object to determine if the data chunk is duplicate, an intermediate hash value of the data chunk is produced. The intermediate hash values from each data chunk of the data object are then used to generate the object signature of the data object. Additionally, the hash function is able to continue processing each data chunk, which enables the necessary processing for computing a hash value of the data chunk and producing an intermediate value for a checksum of all data chunks within the data object (the object signature) in a single operation.

An alternative embodiment of the present invention performs deduplication and generates an object signature of the data object by computing a checksum on only a portion of each data chunk within the data object. This alternative embodiment, however, uses separate operations to compute a hash value of each data chunk and compute a checksum from a portion of each data chunk within the data object. The portions of the data chunks used to compute the checksum may be concatenated or combined in a similar fashion before computing the object signature checksum.

In one embodiment of the present invention, the hash function used to compute the hash function and compute the checksum for the data object is the same. In an additional embodiment, this hash function is selected from the group consisting of cyclic redundancy check, MD5, SHA-1, SHA-256, SHA-512, and Whirlpool. In a further embodiment of the present invention, the data object is divided into chunks using a Rabin fingerprinting technique.

Additionally, the deduplication and generation of the original object signature during enhanced method may be performed during ingestion of the data object into the data system. In an additional embodiment of the present invention, the enhanced method for assuring integrity of deduplicated data copies the data object to a backup storage media before data objects are deduplicated, and may further provide the data object stored on the backup storage media if the object signatures calculated during the integrity check of the pre-assembled and reassembled data object do not match.

By performing an integrity check upon the reassembled form of the deduplicated data, the present invention allows the space-saving benefits of deduplication to be achieved while also verifying that reassembled deduplicated data can later be accessed without experiencing data loss. Additionally, if a backup copy is made before deduplication, that backup copy is valid irrespective of any errors that might be introduced by deduplication processing. Moreover, by computing and storing a digital signature for the entire data object before deduplication, the present invention provides a means to detect errors introduced during or after deduplication. The presently disclosed enhanced method for assuring integrity enables the computation of this digital signature with fewer processing cycles than computing the signature from the entire data object.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A illustrates an exemplary operational environment for the operation of one embodiment of the present invention;

FIG. 1B illustrates an exemplary state of a storage volume utilized in one embodiment of the present invention;

FIG. 1C illustrates an exemplary state of a backup volume utilized in one embodiment of the present invention;

FIG. 2A illustrates an exemplary out-of-band deduplication process being performed in accordance with one embodiment of the present invention;

FIG. 2B illustrates an exemplary in-band deduplication process being performed in accordance with one embodiment of the present invention;

FIG. 3 illustrates a flowchart representative of an exemplary operation of the deduplication process performed in accordance with one embodiment of the present invention;

FIG. 4 illustrates a block diagram of an exemplary operation of computing the digital signature of and storing an entire data object for a exemplary data object in accordance with one embodiment of the present invention;

FIG. 5 illustrates a block diagram of an exemplary operation of computing the digital signature of multiple data chunks within a exemplary data object in accordance with one embodiment of the present invention;

FIG. 6 illustrates a flowchart representative of an exemplary operation of the reassembly process of a deduplicated data object in accordance with one embodiment of the present invention;

FIG. 7A illustrates a block diagram of an exemplary operation of a digital signature check on an exemplary damaged data object in accordance with one embodiment of the present invention;

FIG. 7B illustrates a block diagram of an exemplary operation of a digital signature check on an exemplary undamaged data object in accordance with one embodiment of the present invention;

FIG. 8 illustrates a block diagram of an exemplary operation of an enhanced process of assuring the integrity of deduplicated data in accordance with one embodiment of the present invention;

FIG. 9 illustrates a flowchart representative of an exemplary operation of an enhanced process of assuring the integrity of deduplicated data in accordance with one embodiment of the present invention;

FIG. 10 illustrates a block diagram of an exemplary operation of an additional enhanced process of assuring the integrity of deduplicated data in accordance with one embodiment of the present invention; and

FIG. 11 illustrates a flowchart representative of an exemplary operation of an additional enhanced process of assuring the integrity of deduplicated data in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The presently disclosed enhanced method and system of assuring integrity of deduplicated data provides an enhanced mechanism for protecting against data corruption occurring as a result of a deduplication process. One embodiment of the present invention achieves this result by not only computing a digital signature of data object chunks to perform the deduplication process, but also by computing a digital signature of the entire data object as a whole before the data is deduplicated. This computed digital signature of the entire data object is subsequently used to verify the reassembly of the data object into its original state when the file is later accessed.

The enhancement according to one embodiment of the present invention involves performing checksum generation using reduced processing. Specifically, a checksum for the data object is generated from only a portion of each chunk of the object, in comparison to taking the checksum of the entire object. This enhanced method provides a high probability of detecting false chunk matches because the chance of generating the same hash value for two different chunks in addition to computing the same checksum for portions of each chunk in the object would be extremely small.

An additional enhancement according to another embodiment of the present invention involves a more efficient way of computing the checksum for the data object during deduplication. This method involves combining the operation of computing a hash value for each chunk of the data object with the operation of computing the checksum for the entire data object. This refinement improves processing efficiency during deduplication, and maintains the level of data integrity accuracy as if performing the hash value calculation for the data chunks and the checksum calculation for the entire data object separately.

The presently disclosed enhanced method and system therefore provides a means to detect errors introduced during or after deduplication. By performing an integrity check upon data retrieved from a deduplicated state, the present invention provides assurance that the data objects retrieved from a deduplicated state are in their undamaged, original condition. This method and system greatly reduces the possibility of false matches occurring in the hash function used on the numerous data chunks of the data file, and thus improves the integrity of the deduplicated data as a whole.

FIG. 1A depicts a block diagram of an exemplary operational environment for one embodiment of the present invention, demonstrating a storage management system 100 operating over a network 110. The storage management system 100 includes a “primary storage pool” 120 where data is stored during its normal operation within the storage management system, the primary storage pool 120 including multiple storage disks 120 a, 120 b, and 120 c connected over the network 110. The primary storage disk 120 a contains a volume 150 which stores a plurality of data objects.

The storage management system 100 further includes a “copy pool” 130 to contain backups of data objects that are stored in the primary pool. The copy pool 130, which is implemented in this embodiment in the form of tape backup systems 130 a and 130 b, may also be implemented in any other suitable backup means. The tape backup system 130 a further contains a tape media 132 a with a data volume 135, the data volume 135 storing backup copies of a plurality of data objects.

The storage management system 100 further includes a database 140 that contains an index 145 which tracks the location of data objects stored throughout the storage management system. This index 145 tracks data stored in volumes throughout the primary storage pool 120 and the backup copy pool 130.

FIG. 1B depicts an exemplary condition of the data volume 150 which corresponds to the data volume stored within the primary storage disk 120 a of FIG. 1A. The storage volume 150 contains data objects 160(A)-160(N).

In one embodiment of the present invention, before the data objects 160(A)-(N) on data volume 150 are deduplicated (i.e., before the redundant data chunks are eliminated), the data objects 160(A)-(N) are copied in their entirety from volume 150 to create a backup within the copy pool 130. This backup is depicted in FIG. 1A as occurring on archival backup system 130 a within the copy pool 130. An archival backup system may be implemented in the form of a tape or an inexpensive disk, or other suitable backup storage means.

FIG. 1C depicts an exemplary condition of the backup data volume 135 which corresponds to the data volume stored within the backup tape media 132 a on the tape backup system 130 a of FIG. 1A. The backup volume 135 contains copies of the data objects stored on the data volume 150, as depicted by data objects 160′(A)-160′(N). However, a correspondence between the primary storage pool volume 150 and copy pool volume 135 is not necessary. For example, a copy pool volume may contain copies of data objects from multiple primary storage pool volumes, or even multiple primary storage pools. Similarly, the data objects for a given primary storage pool volume may be copied to multiple copy pool volumes, or even to multiple copy storage pools.

FIG. 2A demonstrates an out-of-band data deduplication process operating in one embodiment of the present invention. As depicted in Stage I, data has been ingested into the system before performing deduplication, i.e., data objects are stored in the storage management system in an original, unmodified state before deduplicating. This is depicted by volume 150 in Stage I which contains data objects 160(A) and 160(B) that have not yet been deduplicated.

The deduplication process as depicted in Stage I of FIG. 2A operates by splitting each data object 160(A)-(B) stored on volume 150 into sets of various chunks 170. As further shown in Stage I, data object 160(A) is divided into chunks 170(1), 170(2), 170(3), and 170(4), and data object 160(B) is divided into chunks 170(1), 170(5), 170(3), 170(6), and 170(7). As shown, it is possible for multiple data objects to contain identical chunks, as chunks 170(1) and 170(3) are present in both data objects 160(A) and 160(B).

The result of splitting the data objects is depicted in Stage II of FIG. 2A, with the set of data chunks 170 now residing on the data volume 150. Alternatively, the deduplication process may involve storing and/or deduplicating the data chunks 170 onto another volume in the storage management system.

After the deduplication process is complete, each of the data objects 160(A)-(N) which existed on the primary storage volume 150 will be transformed into a series of chunks and pointers. As depicted in Stage III of FIG. 2A, the deduplication process has operated to replace data chunks that are duplicate of 170(1) and 170(3) with pointers 180(1) and 180(3). Once the data is fully deduplicated, the primary storage media volume 150 contains only one copy of each data chunk within data chunks 170. The index 145 depicted within FIG. 1 of the exemplary storage management system is utilized to list and track the various data chunks 170 and pointers 180, allowing the system to efficiently locate duplicate chunks and deallocate space to eliminate the redundant chunks. Although this example suggests that that common chunks are shared only within a single volume, it is possible for common chunks to be shared within an entire storage pool or even across multiple storage pools.

The deduplication process depicted in FIG. 2A is performed subsequent to data ingestion, and is preceded by an operation to copy data to the copy pool volume 135 such as an asynchronous storage pool backup operation. However, as depicted in FIG. 2B, in an alternative embodiment of the present invention, the backup and deduplication processes may also be performed synchronously during ingestion of new data objects into the storage management system.

FIG. 2B depicts a new data object 160(C) being introduced into the storage management system, with in-band deduplication causing the data object 160(C) to be deduplicated and stored onto data volume 150 during ingestion. As the data object is ingested, two operations occur. The data object 160(C) is first copied to the backup copy volume 135 and stored in its entire object form, creating the copy of the data object 160′(C) in addition to backup files 160′(A) and 160′(B). The second operation involves splitting the data object 160(C) into data chunks and pointers to store in a deduplicated state on volume 150.

The second operation in FIG. 2B depicts the deduplication process operating by splitting data object 160(C) into data chunks 170(8), 170(9), 170(3), and 170(7). Accordingly, because data chunks 170(3) and 170(7) are already stored on the data volume, the new copies of these data chunks are substituted with pointers 181(3) and 180(7). Pointer 180(3) previously created in the deduplication process of FIG. 2A and new pointer 181(3) now both point to the same data chunk 170(3).

Before the deduplication operations depicted in both FIGS. 2A and 2B are performed, data objects 160(A)-(N) are copied to a copy pool. Because copies are made of the non-deduplicated data objects before starting the deduplication process, protection is achieved against data loss or errors which could otherwise be caused by the deduplication process or to the deduplicated data.

FIG. 3 depicts a flowchart further demonstrating an exemplary operation of the backup and deduplication operations upon a single data object in one embodiment of the present invention. The data object is ingested into the storage management system, step 301. For a system operating an out-of-band deduplication process, the data object is stored as part of data ingestion 301. Prior to or during deduplication of the data object, a digital signature, such as a checksum, is generated for the entirety of the data object, step 302.

The digital signature generation operation 302 may be performed in-band during data ingestion or out-of-band during an operation subsequent to data ingestion. The object signature may be generated as a checksum through a cyclic redundancy check (CRC), MD5, SHA-1, SHA-256, SHA-512, Whirlpool, or other hash function. Because the signature is generated as in step 302 before the object is divided into chunks, the checksum represents a digital signature of the entire object.

At step 303, the computed object digital signature is then stored in a storage management system database or other index. Before deduplication is performed on the data object, the entire data object is backed up to a backup storage pool, further referred to as the “copy pool”, as in step 304. Although depicted as occurring after the signature is computed and stored in steps 302 and 303, in an alternative embodiment, the operation of backing up the entire data object in step 304 may be performed before computing and storing the signature.

The operation of computing the signature for the entirety of a data object is further depicted in FIG. 4. The data object 401 is inputted into an algorithm, such as a checksum generation algorithm, which accordingly calculates the object signature 402 before deduplication. The signature 402 is then saved in an index 403, for later comparison to a signature computed when the data object is reassembled from a deduplicated state.

The deduplication process is then performed by identifying and eliminating redundant chunks within the data object. Returning to FIG. 3, in step 305, the data object is scanned and split into data chunks using a known technique such as Rabin fingerprinting. Next, at step 306-307, a unique identifier is generated for each individual data chunk. In one embodiment of the invention, these unique identifiers may be generated from a hash function and are simple hash values from hashing the data chunk. Thus, in addition to a signature being generated for the data object as a whole at step 302, a chunk-level identifier is also generated for each individual chunk of the data object at step 307. In one embodiment of the present invention, the signature generated for the entire object is generated at the same time as the data object is scanned to create chunks. In another embodiment of the present invention, the function used to generate the signature of the entire object is a hash function identical to that used to compute the identifier for each data chunk.

The operation of calculating an identifier for each data chunk in accordance with one embodiment of the present invention is further depicted in FIG. 5. The data object 501 is split into a number of data chunks 502(1)-502(4). Next, a hash function is run against each data chunk, producing hash value “chunk identifiers” 503(1)-503(4). Finally, each of these chunk identifiers is stored in a database or similar index 504, thereby tracking each of the chunk identifiers and their relationships to the data objects on the system.

The strength of the signature generated in FIG. 3 for both the entire object in step 302 and of the identifier generated for each data chunk in step 306-307 may be chosen to balance processing time versus the probability of false positive matches. A very strong checksum might not be necessary for the entire object as the probability of a false match for both individual chunks and for the entire object would be negligibly small. In one embodiment of the present invention, the steps of computing the signature for the entire object 302 and calculating the identifier 307 for each data chunk 306 are combined to occur at the same time when performing in-band deduplication.

Once the signatures are calculated for the entire data object and each of the data chunks, the deduplication of the individual data chunks is performed. The process generally entails analyzing the unique signature or hash value for each data chunk. For example, during an in-band deduplication process of each corresponding data chunk, the data chunk is stored on primary storage media if the chunk has not been previously encountered; or if the chunk has been previously encountered, a pointer is created to the previous instance of the data chunk on the primary storage media in lieu of re-storing an identical data chunk. For an out-of-band deduplication process, processing is similar, but because all data is already stored, the determination made is whether to delete previously stored data.

Step 308 depicts the method and system for determining if a chunk with a matching chunk identifier is already stored in the primary storage media. If a chunk with the identical hash value already exists on the primary storage media, then the data chunk is removed when performing out-of-band deduplication as in step 309. No action is performed in step 309 for in-band deduplication, because the data chunk has not been stored on the storage media. For both in-band and out-of-band deduplication processes, a pointer is created to the already-existing data chunk on the primary storage media as in step 310.

However, if a chunk with an identical hash value does not exist on the primary storage media, then the data chunk is stored on the primary storage media when performing an in-band deduplication process as in step 311. If performing an out-of-band deduplication process, then no action is performed in step 311. As previously stated, when performing an out-of-band deduplication process, the data chunks will already be stored in the storage pool as part of data ingestion in step 301.

After the data is fully deduplicated and stored, an operation is performed in which the deduplicated data object is accessed. The operation may be a restore, retrieve, or recall operation, or an audit which checks the integrity of stored data. The process of accessing and determining the integrity of a deduplicated data object through the use of an exemplary operation of the present invention is depicted in FIG. 6. First, as the data object is accessed in the deduplicated storage pool or other deduplicated media as in step 601, the data chunks corresponding to the requested data object are retrieved from the system and combined into a reassembled data object, steps 602 and 603, based on the tracking and mapping data stored in the index.

An integrity check of the data is then performed by computing a checksum for the reassembled object as in step 604, using the same signature generation method as was originally used for the entire object. The new signature is computed using the referenced chunks from which the object is assembled. Thus, when a deduplicated data object is subsequently accessed on the computer system, a new signature is computed for the deduplicated object based on a data object produced from a combination of the chunks needed to reassemble that object.

The signature previously generated for the data object before deduplication is retrieved, step 605, and compared with the signature generated for the reassembled data object, step 606. If the signatures match via a comparison as in step 607, the deduplicated object is considered to be valid because the reassembled data object matches its pre-deduplicated state. Accordingly, the reassembled data object is provided, step 608.

If the signatures do not match, step 607, there is something wrong with the deduplicated data object. The inaccuracy may be caused by a number of factors, such as a false match, media failure or error, or deduplication logic error. In response, step 609, the system will treat the deduplicated object as damaged, and will automatically access the corresponding non-deduplicated representation of that data object that was created at step 304 prior to deduplication. This copy of the data object may be introduced from secondary media, such as a tape or a lower-performance hard disk.

In one embodiment of the present invention, a portion of the reassembled object may be sent to the user before the data is detected as being invalid. In an alternate embodiment, the validity check may be performed before sending data. Therefore, an indication of failure may be given before any data is sent or after data is sent. In one embodiment of the present invention, if data has already been sent to the user, the client is notified to discard the previously sent data and prepare to receive the correct data.

Recovery of the damaged data object from the backup media, step 609, may produce a delay from having to mount a tape or transport media from an offsite location, but the error will be detected and data loss averted. Additionally, the invalid data object may be marked as damaged in the storage management system database or other index. The invalid data object may also be recovered to the deduplicated disk media from the backup copy. At a later time, the deduplicated object can be restored from the backup copy as determined by a damage indicator, so a valid object can be replaced on the primary storage disk. In a storage management software solution, this may occur using a storage pool restore operation. Alternatively, the object could also be flagged in the database so a subsequent deduplication operation would not deduplicate the object again, thereby avoiding the possibility of reintroducing the error.

FIG. 7A further depicts a flowchart diagram of an exemplary process that is performed upon identifying a deduplicated data object that has been damaged in accordance with one embodiment of the present invention. Data stored in various chunks in a deduplicated data store 701 is reassembled into a data object 702. Accordingly, the signature 703 of the reassembled object is calculated. The pre-deduplication original data object signature 705 is retrieved from an index 704 of original object signatures that were stored before deduplication. The signature of the reassembled object 703 and that of the original object 705 are then compared 706. FIG. 7A demonstrates the case where the checksums do not match, which indicates that the reassembled data object is somehow flawed and the data integrity check has failed. A copy of the data object 708 will be retrieved from secondary media 707.

FIG. 7B farther depicts a diagram evidencing the processing of a data object which was correctly reassembled into its pre-deduplicated state. Similar to the depiction in FIG. 7A, the chunks in the data store 701 are reassembled into a data object 702, and the digital signature 703 of the reassembled object 702 is computed. The digital signature of the original object 705 is retrieved from an index 704, and a comparison is performed 706. Because the object signatures match, the reassembled object is determined to be valid. Thus, the reassembled data object 702 can be provided to the user, with no need to retrieve the data object from a copy pool.

During normal operation of a system implementing the present invention, data may be accessed from deduplicated disk media, allowing fast access to such data. Only in the exceptional instances where the deduplicated data object is invalid will the data be accessed from a secondary copy with degraded performance. In addition to providing protection against deduplication errors, the secondary copy may also be used for availability, protection against media errors, and even disaster recovery.

FIG. 8 depicts an enhanced process of performing an integrity check to assure the integrity of deduplicated data according to one embodiment of the present invention. This method involves taking a checksum for the data object that covers only a portion of each data chunk. For example, as depicted in FIG. 8, data object 810 is split into chunks 820. The operations of calculating chunk identifiers 830(1)-830(4) and storing the chunk identifiers in an index 840 operate as depicted in FIG. 5 to deduplicate the plurality of data chunks 820 produced from the data object 810. However, before the data chunks are deduplicated, a second operation is run to calculate the signature of the entire data object.

As depicted in FIG. 8, the object signature 850 is produced by taking a checksum on a predefined portion 825(1)-825(4) of each data chunk 820(1)-820(4) of the data object 810. For example, the portions 825(1)-825(4) could represent the first 100 bytes of each data chunk. As depicted in FIG. 8, each of the portions 825(1)-825(4) are combined in an operation, such as with concatenation, and the object signature of the combination of these portions is calculated into the object signature 850. Alternative methods might be used to combine each of the portions 825(1)-825(4) into a unit that the object signature 850 can be computed on. Accordingly, after the object signature 850 is computed, the object signature is stored in an index 860 for later data object integrity verification.

As depicted in FIG. 8, this enhanced process of calculating a data object signature provides improvement over calculating an object signature for an entire data object, because the enhanced method requires less processing by generating a checksum of only a portion of each data chunk as compared to generating the checksum of the entire object. Further, the method depicted in FIG. 8 will provide a high probability of detecting false chunk matches because the chances would be extremely small to both obtain the same hash value for two different chunks during deduplication processing and obtain the checksum from portions of each chunk in the object during retrieval. This enhanced method might also detect logic errors, but would not necessarily detect localized media corruption.

This enhanced process for assuring the integrity of deduplicated data is further depicted in the flowchart of FIG. 9. As shown in step 901, the enhanced process is initiated when a data object is deduplicated. As in step 902, the data object is first divided into one or more data chunks. The object signature is then computed from a portion of each data chunk as in 903 and this object signature is stored in an index as in 904. After the object signature is generated from each data chunk of the data object in its pre-deduplication state, then the data chunks are deduplicated as in 905.

When the deduplicated data object is accessed as in 906, the data object is reassembled from its deduplicated chunks. The integrity check is then performed as in 907 to generate a reassembled object signature. The signature of the reassembled data object is generated using the same process as generating the original object signature of the pre-deduplicated data object. Next, the signature of the reassembled data object is compared with the signature of the original data object retrieved from the index as in 908. If the reassembled object signature matches the original object signature from the index, the reassembled data object is provided to the user as in 909. If the reassembled data object signature does not match the original data object signature, steps may be taken to alert the user and/or retrieve a backup copy of the data object similar to the methods described above.

An additional refinement for assuring the integrity of deduplicated data according to one embodiment of the present invention is depicted in FIG. 10. This enhanced process presents a more efficient way of computing the checksum on the portions of data chunks during deduplication. Rather than scanning the chunks twice by separately computing a hash value for each entire data chunk in addition to computing a checksum for a portion of each data chunk, these two operations are combined into a single operation.

In one embodiment of the present invention, this enhanced method operates by utilizing an intermediate hash value produced when calculating the hash value of the entire data chunk to help produce the checksum for the entire data object. Restated, the checksum is not generated on a predefined portion of the data chunk, but instead, the checksum is generated on the intermediate results produced by the hash function operating on the predefined portion of the data chunk. In a further embodiment of the present invention, the algorithm used for the hash function and checksum have similar characteristics.

For example, if the data object contains four data chunks each having a data chunk size of 1000 bytes, the intermediate value is taken from a predefined size of the data chunk, such as the first 800 bytes. As the hash function operates over the first 800 bytes of each data chunk, the intermediate result from hashing the first 800 bytes is saved for use in computing the entire object checksum. Meanwhile, the hash function continues over the remaining 200 bytes of the data chunk, and produces a hash value for the individual data chunk. The intermediate results produced by hashing the first 800 bytes of each data chunk of a data object are then combined, and an algorithm computes a checksum from this collection of intermediate values.

As is evident from this description, calculating the checksum based on a hash function intermediate result produces an object checksum with far less processing. Further, the value produced by this intermediate result object signature is nearly as accurate as computing a checksum on the entire data object, because the likelihood of detecting false matches of the 1000-byte checksum by looking at the 800-byte checksum is very high.

One example of this enhanced method is further depicted in FIG. 10. As shown, data object 1010 is split into chunks 1020(1)-1020(4) in preparation for deduplication of the data chunks 1020. As is performed in a normal deduplication process, a hash value is computed for each data chunk 1020 to determine if any duplicate data chunks exist. In the enhanced process depicted in FIG. 10, the intermediate hash value from a predefined size of each data chunk 1021(1)-1021(4) is saved. The intermediate values 1021(1)-1021(4) are combined to produce intermediate hash function results of each data chunk. The object signature 1050 is then calculated from these intermediate results, and stored in an index 1060.

Additionally, the hash function completes hashing each data chunk as in 1022(1)-1022(4), which then produces the hash values 1030(1)-1030(4) for all data chunks of the data object. As occurring in other embodiments of the present invention, the hash values (chunk identifiers) 1030(1)-1030(4) are then stored in an index 1040 and used to determine whether deduplication is needed for each data chunk.

Later, when the data object is retrieved from its deduplicated state, the checksum would be regenerated from the reassembled data object containing deduplicated chunks to ensure integrity. The method would perform the hashing process again to compute a checksum from the intermediate result of a predefined size of each chunk, although the hash function needs to only hash enough of each data chunk to produce the intermediate result.

The process of this additional refinement is further depicted in the flowchart of FIG. 11. As shown in step 1101, the process is initiated when a data object is deduplicated. As in step 1102, the data object is divided into one or more data chunks. The data chunks are inputted into a hash function as in 1103, and the hash function is performed on a predefined portion of each data chunk to produce an intermediate hash value as in 1104.

Next, two operations occur based on the intermediate hash value produced for the predefined portion of each data chunk. An object signature is generated based on the combination of the intermediate hash values of the data chunks as in 1105. This object signature is stored as in 1106 for later data verification and retrieval. The second operation that occurs with the intermediate hash value is to perform the hash function on the remainder of each data chunk, and accordingly compute the hash value for each entire data chunk as in 1107. The hash values that are computed in 1107 are then used to perform deduplication on the data chunks as in 1108.

When the data object is accessed, the deduplicated data chunks are assembled into the reassembled data object as in 1109. Next, the same steps as used to originally compute the object signature are performed. The deduplicated data chunks of the reassembled data object are inputted into a hash function as in 1110, and a reassembled data object signature is generated from the intermediate hash values of a portion of each deduplicated data chunk as in 1111. A comparison is performed to verify the reassembled data object signature with the original data object signature in the index as in 1112, and the reassembled data object is provided if it matches the original object signature as in 1113. If the reassembled data object signature does not match the original data object signature, steps may be taken to alert the user and/or retrieve a backup copy of the data object similar to the methods described above.

In a further embodiment, the method depicted in FIGS. 10-11 can be combined with the method depicted in FIGS. 8-9. Returning to the example of the 1000 byte data chunk, this further embodiment prevents the last 200 bytes of the 1000 byte data chunk from being discarded. Particularly, this method involves calculating a checksum on the intermediate result of the first 800 bytes, in addition to using a partial checksum calculation over the last 200 bytes of the 1000 byte data chunk, instead of the first 200 bytes.

The present invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In one embodiment, the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc. Additionally, the present invention may be implemented in a storage-management system, but it is also applicable to a storage appliance such as a virtual tape library.

Furthermore, the invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.

The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.

A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.

Input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.

Although various representative embodiments of this invention have been described above with a certain degree of particularity, those skilled in the art could make numerous alterations to the disclosed embodiments without departing from the spirit or scope of the inventive subject matter set forth in the specification and claims. 

What is claimed is:
 1. An enhanced method in a computer system for assuring integrity of deduplicated data in a data system, comprising: performing deduplication upon a data object by dividing the data object into a set of one or more data chunks; performing a hash function upon a predetermined partial portion of a predetermined size of each data chunk to produce a first intermediate hash value of the data chunk; performing the hash function upon a remainder of each data chunk to produce a chunk identifier for the data chunk; generating an original object signature of the data object by computing a first checksum from each of the first intermediate hash values and combining the first checksums to form the original object signature; storing the original object signature in an object index; and removing a first data chunk when a chunk identifier in a chunk index matches the chunk identifier of the first chunk; performing a hash function upon a predetermined partial portion of a predetermined size of each data chunk of a reassembled data object to produce a second intermediate hash value of the data chunk; generating a reassembled object signature of the reassembled data object by computing a second checksum from each of the second intermediate hash values and combining the second checksums to form the reassembled object signature; and providing the reassembled data object when the reassembled object signature matches the original object signature.
 2. The method as in claim 1, wherein computing a checksum utilizes the hash function used to compute the hash value for the data chunk and the method further comprises: deduplicating each data chunk based on the computed chunk identifier for each data chunk; assembling the deduplicated data object into a reassembled state responsive to the data object being accessed; dividing the reassembled data object into a set of one or more data chunks.
 3. The method as in claim 2, wherein the original object signature and reassembled object signature are checksums generated with a hash function selected from the group consisting of SHA-256, SHA-512, and Whirlpool.
 4. The method as in claim 1, wherein the data object is divided into data chunks using a Rabin fingerprinting technique.
 5. The method as in claim 1, wherein deduplication and generation of the original object signature is performed during ingestion of the data object into the data system.
 6. The method as in claim 1, wherein deduplication and generation of the original object signature is performed subsequent to ingestion of the data object into the data system.
 7. The method as in claim 2, further comprising copying the data object to a backup storage media.
 8. The method as in claim 7, further comprising providing the data object stored on the backup storage media if the reassembled object signature of the reassembled data object does not match the original object signature.
 9. The enhanced method of claim 1, wherein checksums are combined to form the original object signature by concatenating the checksums.
 10. An enhanced method in a computer system for assuring integrity of deduplicated data in a data system, comprising: performing deduplication upon a data object by dividing the data object into a set of one or more data chunks and deduplicating the data chunks; performing a hash function upon a predetermined partial portion of a predetermined size of each data chunk to produce a first intermediate hash value of the data chunk; performing the hash function upon a remainder of each data chunk to produce a chunk identifier for the data chunk; generating an original object signature of the data object by computing a checksum from each of the first intermediate hash values and combining the checksums to form the original object signature; and storing the original object signature in an object index; and removing the first data chunk when a chunk identifier in a chunk index matches the chunk identifier of the first chunk; performing the hash function on the predetermined portion of the predetermined size of each data chunk to produce a second intermediate hash value of the data chunk; generating a reassembled object signature of the reassembled data object by computing a checksum from the second intermediate hash values; comparing the reassembled object signature with the original object signature stored in the index; and providing the reassembled data object when the reassembled object signature matches the original object signature.
 11. The method as in claim 10, wherein the original object signature and reassembled object signature are checksums generated with a hash function selected from the group consisting of SHA-1, SHA-256, SHA-512, and Whirlpool and the method further comprising: assembling the deduplicated data object into a reassembled state responsive to the data object being accessed.
 12. The method as in claim 10, wherein the data object is divided into data chunks using a Rabin fingerprinting technique.
 13. The method as in claim 10, wherein deduplication and generation of the original object signature is performed during ingestion of the data object into the data system.
 14. The method as in claim 10, wherein deduplication and generation of the original object signature is performed subsequent to ingestion of the data object into the data system.
 15. The method as in claim 11, further comprising copying the data object to a backup storage media.
 16. The method as in claim 15, further comprising providing the data object stored on the backup storage media if the reassembled object signature of the reassembled data object does not match the original object signature.
 17. A system, comprising: at least one processor; and at least one memory storing instructions operable with the at least one processor for assuring integrity of deduplicated data, the instructions being executed for: performing deduplication upon a data object by dividing the data object into a set of one or more data chunks; performing a hash function upon a predetermined partial portion of a predetermined size of the data chunk to produce a first intermediate hash value of the data chunk, the hash function selected from the group comprising of SHA-256, SHA-512 and whirlpool; performing the hash function upon a remainder of each data chunk to produce a chunk identifier for the data chunk; generating an original object signature of the data object by computing a checksum from the first intermediate hash values and combining the checksums to form the original object signature; and storing the original object signature in an object index; removing a first data chunk when a chunk identifier in a chunk index matches the chunk identifier of the first chunk performing a hash function upon a predetermined partial portion of a predetermined size of each data chunk of a reassembled data object to produce a second intermediate hash value of the data chunk; generating a reassembled object signature of the reassembled data object by computing a second checksum from each of the second intermediate hash values and combining the second checksums to form the reassembled object signature; and providing the reassembled data object when the reassembled object signature matches the original object signature.
 18. The system of claim 17, wherein checksums are combined to form the original object signature by concatenating the checksums.
 19. A system, comprising: at least one processor; and at least one memory storing instructions operable with the at least one processor for assuring integrity of deduplicated data, the instructions being executed for: performing deduplication upon a data object by dividing the data object into a set of one or more data chunks and deduplicating the data chunks; performing a hash function upon a predetermined partial portion of a predetermined size of each data chunk to produce a first intermediate hash value of the data chunk, the hash function selected from the group consisting of SHA-256, SHA-512 and whirlpool; performing the hash function upon a remainder of each data chunk to produce a chunk identifier for the data chunk; generating an original object signature of the data object by computing a checksum from each first intermediate hash value and combining the checksums to form the original object signature; storing the original object signature in an object index; and removing a first data chunk when a chunk identifier in a chunk index matches the chunk identifier of the first chunk; perform the hash function on the predetermined portion of the predetermined size of each data chunk to produce a second intermediate hash value of the data chunk; generate a reassembled object signature of the reassembled data object by computing a checksum from the second intermediate hash values; comparing the reassembled object signature with the original object signature associated with the data object stored in the index; and providing the reassembled data object when the reassembled object signature matches the original object signature.
 20. The computer program product of claim 19, the computer readable program further causing the computer to: assemble the deduplicated data object into a reassembled state responsive to the data object being accessed; divide the reassembled data object into a set of one or more data chunks. 